CLAIMS 



What is claimed is: 

1 . A method for administration of security pohcies in a computer system, 

comprising the steps of: 

(a) displaying a graphical representation of at least one subject; 

(b) displaying a graphical representation of at least one obj ect; 

(c) displaying a graphical representation of a security poUcy; and 

(d) dragging and dropping the graphical representation of the at least one subj ect 
and the graphical representation of the at least one object into the graphical representation of 
the security pohcy, wherein the dragging and dropping grants the at least one subject access 
to the at least one object under the security policy. 

2. The method of claim 1 , wherein the at least one subject is a user. 

3 . The method of claim 1 , wherein the at least one obj ect is data. 

4. The method of claim 1 , wherein the dragging and dropping grants the at least 
one subject read and/or write rights to the at least one object. 

5 . The method of claim 1 , wherein the dragging and dropping assigns a 
sensitivity level and a category to the at least one object, wherein the dragging and dropping 
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assigns a trust level and a classification to the at least one subject. 



1 6. The method of claim 1 , wherein the graphical representation of the at least 

2 one subject or the at least one object comprises an image or an icon. 

1 7. The method of claim 1, wherein the graphical representation of the security 

2 policy comprises at least one window. 

1 8. The method of claim 7, wherein the graphical representation of the security 

2 policy further comprises at least one label. 

1 9. The method of claim 1, further comprising: 

2 (e) providing a tool for viewing attributes of the at least one subject or the at 

3 least one object. 

1 10. The method of claim 1 , fiirther comprising; 

2 (e) providing a tool for creating or deleting the least one subject or the at least 

3 one object. 

1 1 1 . A computer readable medium with program instructions for administration of 

2 security pohcies in a computer system, comprising the instructions for: 

3 (a) displaying a graphical representation of at least one subject; 
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(b) displaying a graphical representation of at least one obj ect; 

(c) displaying a graphical representation of a security pohcy; and 

(d) dragging and dropping the graphical representation of the at least one subj ect 
and the graphical representation of the at least one object into the graphical representation of 
the security policy, wherein the dragging and dropping grants the at least one subject access 
to the at least one object under the security policy. 

12. The medium of claim 11, wherein the at least one subject is a user. 

1 3 . The medium of claim 1 1 , wherein the at least one object is data. 

1 4 . The medium of claim 1 1 , wherein the dragging and dropping grants the at 
least one subject read and/or write rights to the at least one object. 

15. The medium of claim 1 1 , wherein the dragging and dropping assigns a 
sensitivity level and a category to the at least one object, wherein the dragging and dropping 
assigns a trust level and a classification to the at least one subject. 

16. The medium of claim 1 1 , wherein the graphical representation of the at least 
one subject or the at least one object comprises an image or an icon. 

17. The medium of claim 1 1 , wherein the graphical representation of the security 
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2 policy comprises at least one window. 

1 18. The medium of claim 1 7, wherein the graphical representation of the security 

2 policy further comprises at least one label 



1 19. The medium of claim 11, further comprising instructions for: 

2 (e) providing a tool for viewing attributes of the at least one subject or the at 

3 least one object. 

1 20. The medium of claim 1 1 , further comprising instructions for: 

2 (e) providing a tool for creating or deleting the least one subj ect or the at least 

3 one object. 

1 2 1 . A system, comprising: 

2 a graphical representation of at least one subject; 

3 a graphical representation of at least one object; and 

4 a graphical representation of a security policy, wherein the graphical representation 

5 of the at least one subject and the graphical representation of the at least one object may be 

6 dragged and dropped into the graphical representation of the security policy, wherein the 

7 dragging and dropping grants the at least one subject access to the at least one object under 

8 the security poUcy. 
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22. The system of claim 21, wherein the at least one subject is a user. 



1 23. The system of claim 21, wherein the at least one object is data. 

1 24. The system of claim 21 , wherein the dragging and dropping grants the at least 

2 one subject read and/or write rights to the at least one object. 

1 25. The system of claim 21 , wherein the dragging and dropping assigns a 

2 sensitivity level and a category to the at least one object, wherein the dragging and dropping 

3 assigns a trust level and a classification to the at least one subject. 

1 26. The system of claim 21, wherein the graphical representation of the at least 

2 one subject or the at least one object comprises an image or an icon. 

1 27. The system of claim 21, wherein the graphical representation of the security 

2 pohcy comprises at least one window. 

1 28. The system of claim 27, wherein the graphical representation of the security 

2 policy further comprises at least one label. 

1 29. The system of claim 21 , further comprising a tool for viewing attributes of 

2 the at least one subject or the at least one object. 
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1 30. The system of claim 2 1 , further comprising a tool for creating or deleting the 

2 least one subject or the at least one object. 
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